Paul, can you tell us something about your background and your current role?
I’m a Detective Sergeant with the City of London Police; I was previously seconded to the National Hi-Tech Crime Unit as an operational team leader. As a career detective I have spent the last 10 of my 25 years’ service specialising in Internet, network and forensic investigations at a local, national and international level. As a result I have had to give evidence in a number of Crown Courts in this country and their equivalent overseas.
Since January 2004 I have been in charge of the Hi-Tech Crime Team in the City. In this role I’m responsible for the day to day running of the team and for the implementation of the force’s outreach programme to the financial sector. This e-crime strategy involves giving presentations to a wide range of business organisations and at the same time actively encouraging the flow of information between the private sector and law enforcement regarding hi-tech and e-crime. I have also had a number of practitioner papers published on E-Crime, as well as articles in the Guardian supplement. Along with a number of IT and computer forensic qualifications I also hold a Master of Science in Professional Computing, am an associate of the Institute of Information Security Professionals, and am also a regular lecturer on Computer Forensics, Hi-Tech and E-Crime at a number of Universities and Colleges.
What is your workload like and what is your role in managing that workload?
All over the globe more and more instances of hi-tech and e-crime are being investigated by law enforcement agencies and other investigative bodies. Along with this increase in workload has come the realisation that crimes involving computers (either as the target of offending, as one of a range of tools, or as the principal tool used in the commission of offences) are technically difficult to investigate and raise many practical problems. One of my main roles is solving those problems and anticipating as many of them as I possibly can.
What are the main challenges in computer forensics and what strategies can we employ to meet them both now and in the future?
There are major challenges facing the world of information security, incident response and computer forensics in how best to understand and deal with the complex and dynamic developments in the ever-evolving world of the Internet and digital information. If we do not invest in the skills necessary to police this ever-changing environment we will have to contend with playing ‘catch-up’ in understanding how new technologies are associated with traditional and new crimes.
As a forensic science we need to continually seek cost effective ways of running digital and electronic investigations involving IT abuse and hi-tech crimes. To achieve this we need to commit to training that allows for regular updates, commit to adequate funding and combine it with a commitment to quality. There is also a need to acknowledge the importance of our work, whilst at the same time trying to get others to understand the issues and difficulties associated with it.
In your experience, are criminals becoming better informed about computer forensics procedures? How will these skills be used by criminals in the future?
Organised crime and criminals do not stand still and the history of crime trends shows how they have transcended different crimes:
– Armed Robbery (£25K and 25 years in prison)
– Controlled drugs (1 Kilo Cocaine $1K – re-sale $23K)
– Counterfeit Currency
Now we have offences like counterfeit pharmaceuticals and e-fraud being committed via the Internet:
– 1 Kilo of active ingredient costing $70 makes 14,000 tablets – each tablet sells for $10 making $140,000
In addition, criminals are becoming aware that more than any other global crime, the swiftness and flexibility of computer crime challenges the existing rules of regulation and legislation. Such crimes can be and are perpetrated from anywhere in the world against any computer.
Criminals do attempt to camouflage their methodology but not necessarily because they have become aware of forensic procedures. Those that advocate such awareness tend to have the tools, but not the know-how or the inclination to use them. However, I do believe that this trend will change, although changes will vary in speed dependent on the type of abuse or crime.
As for the future, as well as the awareness and use of anti-forensic tools, I see more and more computer literate criminals being sent to prison, in particular ‘hackers’ and ‘those with a sexual interest in children’, a number of whom have very good knowledge of the use of sophisticated computer and Internet techniques. The upper echelons of the criminal fraternity will exploit these skills to their own ends, for example the drug dealer who wants an untraceable and anonymous communication network.
What particular aspects of computer crime legislation do you feel could be improved?
Hi-tech crime is committed across cyberspace and does not stop at national borders. More than with any other large-scale crime, the swiftness and flexibility of hi-tech crime leaves our existing rules of regulation and legislation outdated. Such crimes can be perpetrated from anywhere in the world against any computer and I believe that efficient action to combat it is necessary at not only a local level but also at an international level. Legislation in most countries has fallen behind; it needs to maintain the same speed of change as “Moore’s Law”. The international legal systems have gone some way to achieving the sixth principle established by G8, commonly known as “quick freeze, slow thaw”.
However, the detection and punishment of hi-tech crime is highly likely to remain problematic. This type of crime is perceived to suffer from an increased tendency to ‘legislative dependence’; in other words a long period of time elapsing between innovations in criminal enterprise and the response of the state and law enforcement agencies. Technology, and as a result digital crime, develops and changes very rapidly and it takes years for legislation to be enacted, by which time the crime and criminal will have developed a different form of modus operandi. As a consequence there are those, including me, who say that many digital crimes and criminals cannot be dealt with appropriately under current legislation and unfortunately this is not likely to change in the near future.
What is the most rewarding part of your job? What aspect of your job do you find most challenging?
Beside the rescuing of children from harm, the most rewarding part is trying to establish multidisciplinary partnerships between academia, industry and law enforcement, in order to work together on emerging problems within e-commerce, e-discovery, e-crime prevention, hi-tech crime and IT enabled abuse while trying to ensure that any such combined effort produces real results such as developing research into technologies and tools or creating a repository for electronic crime and cyber forensics technical papers. In addition to my efforts, there are national institutions and agencies around the globe trying to do the same.
The most challenging aspect is getting organisations to understand where they are exposed in relation to incident response and forensic procedures. It is very hard to get an IT administrator to think like an offender, and have him or her keep pace with them. If we were able to put such infrastructures in place I believe we would all be able to further our knowledge and investigative skills with regard to IT abuse, and in particular hi-tech crimes and the hi-tech criminal.
Encouraging others to establish these foundation stones, along with the thought of legal and financial sanctions, may motivate and cause them to consider the establishment of things like e-crime units, e-crime laboratories and public-private partnerships; especially the latter as history shows us that they do work.
What advice would you give to someone who has just started a career in computer forensics? What qualities do you look for in new colleagues?
What is clear as a forensic examiner in the public or the private sector is that the procedures, techniques and guidelines are equally applicable to the collection and examination of digital evidence in internal, civil and criminal investigations. In addition, the emerging case law and regulatory requirements have produced the need for everyone to preserve data ‘by the book’. This, and the speed with which technology is advancing have far reaching implications for the forensic examiner. It also emphasises the need to deal with evidential data as if it were criminal, and the need to keep up to date with emerging techniques and technologies.
Qualities? I look for someone who combines attention to detail and patience with innovative and practical thinking.
Finally, what do you do to relax in your free time?
I love and always have loved sport; however, my wife will not let me subscribe to any sports channel on TV! She says if they put ‘slug wrestling’ on, I would watch it. However, my true love is rugby and if you want to read about the grass roots of the game whilst having a permanent smile on your face then read that all time classic ‘The Art of Coarse Rugby’ by Michael Green.